After update on Debian 8 Jessie usr.bin.thunderbird appeared, and now now I see some DENIED messages (same on Debian Unstable):
type=AVC msg=audit(1501048134.907:8589): apparmor="DENIED" operation="file_mprotect" profile="thunderbird//lsb_release" name="/usr/bin/python2.7" pid=4744 comm="lsb_release" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1501048134.907:8589): arch=c000003e syscall=10 success=no exit=-13 a0=91d000 a1=1000 a2=1 a3=7f01647551b0 items=0 ppid=4713 pid=4744 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="lsb_release" exe="/usr/bin/python2.7" key=(null)
type=PROCTITLE msg=audit(1501048134.907:8589): proctitle=2F7573722F62696E2F707974686F6E002D4573002F7573722F62696E2F6C73625F72656C65617365002D69647263
type=AVC msg=audit(1501048002.887:8568): apparmor="DENIED" operation="file_mmap" profile="thunderbird" name="/usr/lib/mozilla/plugins/skypebuttons.so" pid=3596 comm="thunderbird" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1501048002.887:8568): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=2126d8 a2=5 a3=802 items=0 ppid=2647 pid=3596 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="thunderbird" exe="/usr/lib/thunderbird/thunderbird" key=(null)
type=PROCTITLE msg=audit(1501048002.887:8568): proctitle="/usr/lib/thunderbird/thunderbird"
type=AVC msg=audit(1501048002.867:8567): apparmor="DENIED" operation="file_mmap" profile="thunderbird" name="/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/amd64/IcedTeaPlugin.so" pid=3596 comm="thunderbird" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0
type=SYSCALL msg=audit(1501048002.867:8567): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=299c38 a2=5 a3=802 items=0 ppid=2647 pid=3596 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm="thunderbird" exe="/usr/lib/thunderbird/thunderbird" key=(null)
type=PROCTITLE msg=audit(1501048002.867:8567): proctitle="/usr/lib/thunderbird/thunderbird"
Thanks a lot for reporting this upstream, but sadly the profile shipped in Debian has diverged from the one found in lp:apparmor-profiles (I've just initiated a discussion about this topic: https:/
This being said, I think it's a mistake that the security backports of Thunderbird for Wheezy & Jessie introduced the AppArmor profile that was meant for Stretch and newer: I don't think we're ready to support that profile in Wheezy & Jessie. Can you please file a bug report in Debian about this?